Pages

Wednesday, November 30, 2011

Benefits of Social Media Sign-In Must Offset Privacy Concerns

One of the most important yet tedious components of opening a new account account at a bank is completing the new account form. Whether done at a branch or online, the new account registration process is the first (and sometimes only) time when a bank can learn about a customer's needs, behaviors and expectations of the relationship.

Unfortunately, this process has changed very little over the years and is usually only comprised of gathering the most rudimentary of information from the potential customer (name, address, phone, social security number, account type desired, etc.) and collecting funds/obtaining a signature. The rationale for only collecting the most basic information has been to balance the desire for insight with a respect for the customer's time. This balance becomes even more important in the online world, where a customer can easily abandon the account opening process with little repercussion.

The research underscored the importance of delivering a fast and relatively simple account opening process for online/mobile consumers. "Most people open accounts online because they expect it to be faster and more convenient than doing it over the phone or visiting a branch," says Mark Schwanhausser, senior analyst with Javelin. To succeed, Javelin outlined two primary areas of focus:

Reduce abandonment rates by focusing on usability and simplicity to minimize points of friction.

The research from Javelin is reinforced by research done late last year by Blue Research on behalf of Janrain that found that three out of four web users would rather leave a website than complete a registration process. Among those that would complete a brand new registration, 76% said they would give false or incomplete information.

This creates an interesting dilemma for banks where every new online and branch based customer could be worth hundreds of dollars in annual revenue and where understanding the new customer is paramount to an enhanced customer experience. On the other hand, the information collected needs to be accurate.

Social Sign-In (SSI) as a Potential Solution

Social sign-in could provide a viable and highly profitable enhancement to the traditional new account opening process. With a single click, anyone who has already registered on Facebook, LinkedIn or most other social networks could have a significant amount of required information transferred to the new account form in addition to insights associated with the social network.

"With social sign-in, there is greater engagement and companies have access to richer profile information because the data elements collected on social networks are more extensive than what firms usually request from customers," states eMarketer principal analyst Jeffrey Grau in his report Social Commerce: Personalized and Collaborative Shopping Experience. When a consumer gives permission to access personal (or business) data on Facebook or another social network, the bank can see more about what these people like and their interests. And the insight can be updated over time as opposed to traditional collection techniques where the insight goes stale.

While banking is definitely different than retail from a consumer's perspective of need for privacy, two-thirds of respondents to the Janrain study preferred social sign-in to completing an entirely new registration form. Interestingly, according to Forrester and Nielsen, the people who preferred social sign-in were also more valuable as consumers and more likely to be active on social networks.

"Consumers are frustrated with the traditional online registration process and will favor brands that make it easy for them to be recognized . . . the rapid growth of social media has dramatically impacted consumer's expectations of websites . . . ," states Paul Abel, Ph.D, and managing partner of Blue Research.

Social sign-in is not unfamiliar to people who use the web regularly. According to recent statistics from Janrain, Facebook is the most popular choice for sign-ins, used by 39% of consumers, with Google being ranked second with 30%. Even Twitter is used by 8% of the respondents even though this network is used to share 32% of the content.

Movenbank Social Sign-In

While still in the start-up (Alpha) phase, Movenbank is requiring it's first members to register and log in using Facebook. Over a breakfast with Movenbank founder and Bank 2.0 author Brett King a few weeks ago in Chicago, Brett mentioned that the current method of new account application is outdated in today's highly digital environment.

"A customer doesn't want to sit in front of their computer or on their phone completing lengthy forms. A social sign-in provides an easy way for the customer to start the process while providing us more (and probably more accurate) information," said King. He added that he has found no regulatory stipulation for the traditional signature card, and that there would be instant cross referencing of traditional databases (possibly credit bureau data) to help solve identification issues.

Of particular interest to King and Movenbank is the enhanced level of insight provided through the integration with Facebook (and eventually other social networks such as LinkedIn and Twitter). With this insight (and the completion of a relatively short survey), Movenbank can create a 'Financial Personality'. According to King, the intention is to provide a unique customer experience where financial solutions can be developed based on the customer's behavior and lifestyle.

Social sign-in also provides the opportunity for social sharing beyond the 'liking' of a product within a social network. By connecting friends that are using the same social channel (with their permission) people can interact, share experiences and potentially even be involved in the product development process. In my breakfast with Brett King he mentioned the possibility of customer panels that can digitally interact and make the Movenbank experience 'richer'.

Security and Privacy Concerns

Along with almost any discussion around social media and banking come security and privacy concerns. How will the bank (or retail site) use my personal information on Facebook or another social sign-in site? How will my information (and identity) be secure?

Movenbank addressed some of the concerns in a recent blog post stating that Facebook would not be the sole source of information used for setting up an account or determining your needs. In addition, the customer would control what insight is collected and shared. As Finextra stated in a recent post dealing with the issue of security, Movenbank (and others) need to tread carefully when accessing personal data.

Consumer concerns are evident in the comments to a recent blog post in the Harvard Business Review by Larry Drebes, founding member of the non-profit OpenID Foundation and CEO of Janrain. While his blog post is definitely a bit biased towards the benefits and growth of social sign-in, the comments of readers illustrated the sensitivity of people around privacy and the return they need to get for the sharing of their social history. One reader stated, "Marketers are digging the hole for the intelligence community's future mass data-mine, and ordinary people will get the shaft".

Probably the best response to the HBR post was from a gentleman who stated that each time he is asked for a social sign-in, he needs to balance the benefits with the potential 'risks'. He stated, "Over the past few years , online offerings have become increasingly rich and complicated. I am a heavy consumer of online services and have used social media sign-ins on a number of occasions, Any time I am faced with logging in, I have to look at; 1) The cost in time and effort of completing a new registration, and 2) The value of my information I am asked to ante up". He continued, "My hypothesis is that the entities that are offering social sign-ins right now are more sophisticated in the social space and realize there is a fundamental shift in the way businesses interact with their customers online.

To help alleviate some of the public's concern over both privacy and security of information associated with social sign-ins, the National Strategy for Trusted Identities in Cyberspace (NSTIC) has been established by the White House to improve on the password and log in process on the web. This organization is a collaboration of both private, public and consumer organizations established to develop a common 'Identity Ecosystem that benefits all constituents.

Whether social sign-ins are a 'data capture deal changer as presented by Loren McDonald from Silverpop in a recent blog post or a non-starter as some will profess, it is clear that the sharing of personal information is a value exchange between the potential customer and the business/bank. If a clear value enhancement proposition is not offered in exchange for the insight (or social network) requested, we will be relegated to traditional data collection with the inherit application abandonment that is costing our industry billions of dollars and millions of customers annually.

I would love to hear your thoughts on what Movenbank is doing with Facebook sign-in integration and on the concept of using social sign-ins to enhance and streamline online new account opening. I would also love to hear what enhancements to your current product solutions could be provided with the enhanced insight collected?

7 comments:

I don't know why everyone got steamed up about the Movenbank deal Jim.

First, it's an 'alpha' site. It's getting sign ups but not the only way of signing on.

Second, even if FB was the only sign-on method, what's the issue? My FB account details are as secure as my bank sign-on details, if not more so because it's personal. If my FB was compromised, it'd be just as damaging as my bank account from a reputational perspective.

Digital security and privacy will continue to be a divisive issue in the industry and on a personal level, which is why most discussion around the use in the FI space talks about multiple sources of authentication. Most also mention that social login is not required.

But if Movenbank (or others) find a way to leverage this insight for a stronger customer experience (which I assume they will) and can provide me solutions based on the changes in my life as opposed to selling me the product of the month, I am in.

It will also help as public, private and consumer organizations work to set guidelines on the ability to use standardized SSI. As long as the guidelines don't limit access if the consumer prefers.

I'm with Chris - the Alpha site is about early engagement. We're not transacting, there's no exposure of account information, no third-party transfers - we were asking customers about spending habits in a personality quiz?

What we learned at Movenbank was two things:

1. Our competitors are terrified about our disruptive moves and the implications for their brands when it comes to social interactions and integration, and2. Customers don't think it is a big deal, but they'll gladly make the trade-off with SSI to reduce the typical KYC workload

The fact is that we'll be as secure as any other internet bank you can find through Two-Factor Authentication. You'll need to use your App to get access online also, in addition to SSI. In the App, we'll use a number of methods of authentication (we're trialling biometric IDV right now in the prototype as a method).

Facebook is not the problem here. Identity is the issue. Banks are worried about the exposure of 'identity' information through social media and how current identity can be compromised. We look as social media as a new identity management layer, and we see verified/trusted online identities as the future of secure verification - not the erosion of privacy or an attack on outdated identity verification systems.

I am not in the "I don't know why everyone got steamed up about the Movenbank" group. I actually think Brett and his team should be commended for actually trying something different in the financial services space.

I have been following this topic the last few days on Twitter. I read the@movenbank blog about using Facebook to sign-in. I read the links you provided and your blog post regarding this topic a few times. I think this is a terrible idea. I thought it was a terrible idea when I setup my alpha account at movenbank.com

The good reasons behind using social media as a sign-in are understandable. The downside is, how many of these accounts actually have good data. But let’s put that aside. Forget why I think using social media as an authenticated sign-in for any company. I would rather discuss what I think is better and what I think is superior.

To remove the pain of setting up a new relationship online is paramount. Whether it is an account for Coke Rewards, setting up an account at Barnes & Noble, donating money or opening a banking account, it should be simple. Always typing the same info is tiresome. To me, the easiest authentication tool is a very old fashioned product. It is my email account and associated profile. Mine currently has my real name, address, sex and date of birth. Using my powers of Quantipulation, according to Ron Shevlin ( http://snarketing2dot0.com/2011/07/28/quantipulation-roi-versus-success/) the art and act of using unverifiable math and statistics to convince people of what you believe to be true, people’s primary email accounts are more likely to contain real information than their social media accounts. This is important when opening up an account at a financial services company.

Now I am not a typical email user. My email uses two factor authentication. That is the power of Google. I used to be a fan of OpenID but my Google email (gmail) account is my basic OpenID. It is my preferred method. The only time I use twitter as an authentication service is when a service requires it and for me I would only use it with an ancillary Twitter service.

At the same time, I want to be able to control what information of mine is going to be used a service provider. I do not think we are there yet. But, the industry is slowly moving this way and that is positive. Now the financial services industry needs to find a way to capitalize on this. Sans a compliance and security audit, I see no harm initiating account opening with another service providers stored data to make the process more efficient, as long as the existing security/credit check/Patriot Act/Know Your customer, etc., procedures are not diminished from today’s standards and continue to strengthen in the future. As long as a customer can choose to lock down their newly created accounts we should be in good shape.

I think the reality is, none of the methods discussed are truly robust enough to handle what is needed for creating valid accounts for various industries. Companies using these methods and people like us discussing the issues will help make the necessary changes that are needed to make this really work. I think having an encrypted and secure optional profile section on my email and social media accounts designed specifically for use in making ecommerce easier and more efficient is a way to start.

Statcounter

All data and information provided on this site is for informational purposes only. jimmarous.blogspot.com makes no representations as to accuracy, completeness, suitability, or validity of any information on this site and will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use. All information is provided on an as-is basis. This is a personal weblog. All the contents of the Blog, except for comments, constitute the opinion of the Author, and the Author alone; they do not represent the views and opinions of the Author’s employer, supervisors, nor do they represent the view of organizations, businesses or institutions the Author is a part of. The Author is not being paid to write content on this Blog or to manage and in any way operate this Blog. The Author is not responsible for the content of any comments made by the Commenter(s).